ok i tried /dev/log - no result, same thing - ipfw is not being logged anywhere. i noiced that i am not the only one with this problem. the other person from japan seems to have similar issue.
I don't have the whole thread, so this may already have been covered...
I believe ipfw is logged via. the kernel like ipchains. Do you have the kernel logging device in your syslog-ng config file? On Linux, you need to add: file("/proc/kmsg"); to your source statement and then you can kill klogd.
I think he uses FreeBSD, and /proc/kmsg is Linux specific. (and even under linux, using klogd is recommended, since it preprocesses some kernel messages) FreeBSD uses a special character device named /dev/klog for kernel logging. It _should_ work with file s_kern { file("/dev/klog"); }; If it doesn't, then tell me how to generate some kernel messages under FreeBSD. I have it installed, but since I'm not that much experienced in it, I can't test whether kernel messages arrive or not. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt